User Mode (User Interface)

The Windows Agent can be installed in a User Interface configuration called User Mode. With the Agent installed in User Mode, certificates are available in the Personal Store in Windows.

Install the User Agent

  1. Download the Signum Windows Agent MSI installer.

  2. In the same directory as the MSI installer, create a new plain text file with the extension .bat, for example signum-agent-config.bat.

  3. Copy and paste the text below, modifying the properties as needed to match the environment. Ensure the file name of the Agent matches the file name of the .msi that was downloaded.

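rem Install the Signum Agent in User Mode. Replace the quoted placeholder values to match the environment.
msiexec /i kf-agent-x64-4.30.1-456b2f45-MS-WO_Trust.msi ^
RTPRIMARY="Deployment URL" RTSECONDARY="Deployment URL" ^
CLIENTID="The ClientID from the SaaS Portal" ^
AuthMode="SAML2" AGENTMODE="USER" DefaultDomain="somedomain.com" ^
Language="en-US"
rem Report the installer's exit code.
echo Exit Code is %errorlevel%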

  4. With both the .bat file and the .msi in the same directory, run the .bat file by double-clicking it in Windows Explorer. This launches the Installer.

The agent installed with AGENTMODE="USER" includes an interactive User Interface. A Windows process named “RTTrayApp” will be running. An icon for the Keyfactor Signum Agent is available in the System tray.

Right-click on the tray Icon to bring up several options.

Configure the User Agent

Go to the About section for information about the Agent.

Settings Section

The Settings section allows a user assigned to a Local Users Domain to update their credentials for the service.

This option is only present if the AuthMode is LocalUsers.

Certificates Section

The Certificates section of the Agent displays the certificates that are available to the authenticated user, as determined by the defined access policies.

If multiple certificates are listed and no selection is made, all listed certificates are made available by default. Selecting specific certificates restricts availability to only the chosen certificates.

The certificates that are made available through the Agent are also visible in the authenticated user’s Personal Store (MY) in Windows.
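
The exposure described above can be checked from the user's own session by comparing the Personal Store against the certificates you intend to make available. This is an added example, not Keyfactor's code; the thumbprint allow-list is a constructed placeholder and the function names are hypothetical, and it assumes the script runs as the logged-in user after Login.

```powershell
# Added example (not Keyfactor code). Run as the logged-in user after Login.
param(
    # Thumbprints you intend the Agent to expose; the default is a constructed placeholder.
    [string[]]$Expected = @('0000000000000000000000000000000000000000')
)

function Get-PersonalStoreCert {
    # Cert:\CurrentUser\My is the current user's Personal (MY) store.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
}

function Compare-ExposedCert {
    param([object[]]$Present, [string[]]$Expected)
    $want = @($Expected | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })
    $have = @($Present | ForEach-Object { $_.Thumbprint.ToUpperInvariant() })
    [pscustomobject]@{
        # In the store but not on the list. Certificates from other sources also
        # land here, so review each entry rather than assuming the Agent added it.
        Unexpected = @($Present | Where-Object { $want -notcontains $_.Thumbprint.ToUpperInvariant() })
        # On the list but not in the store (not logged in, or blocked by policy or selection).
        Missing    = @($want | Where-Object { $have -notcontains $_ })
    }
}

# The tray process name "RTTrayApp" comes from the page.
if (-not (Get-Process -Name RTTrayApp -ErrorAction SilentlyContinue)) {
    Write-Warning 'RTTrayApp is not running in this session.'
}

$result = Compare-ExposedCert -Present @(Get-PersonalStoreCert) -Expected $Expected
$result.Unexpected | Format-Table -AutoSize Thumbprint, Subject, NotAfter, HasPrivateKey
$result.Missing | ForEach-Object { Write-Warning "Expected certificate not present: $_" }

# A non-zero exit code lets a calling script flag drift from the intended set.
if ($result.Unexpected.Count -or $result.Missing.Count) { exit 1 }
```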

Login Section

Selecting Login on the Agent brings up a login window where a LocalUser can enter their credentials. By default, the option to remember user credentials is disabled. If enabled, the user is automatically logged in after restarting the machine. After logging out of the Agent, the user is prompted for credentials again.

To enable the Remember user credentials feature, reach out to Keyfactor.

When you log in to a SAML or OAuth Domain, clicking Login opens the default browser to the IDP login page for the identity provider that was defined in the Admin Web Console and included in the DefaultDomain Agent parameter.

Logout

Selecting Logout terminates the Signum session and requires the user to re-authenticate to connect.